
Re: weak encryption



On Fri, 12 Nov 1999, dave madden wrote:

>  Michael J. Graffam <mgraffam@idsi.net> replied:
>  =>Widespread usage of shitty crypto is bad because it gives people a false
>  =>sense of security. People will think they have privacy and reveal secrets
>  =>that they may not if there was no crypto. People will think "hey, 40 bits
>  =>must be enough.. EVERYONE is using it" and we'll never get actual GOOD
>  =>crypto in place. 
> 
> My point, though, is that if everybody is using shitty encryption,
> then *I* can use good encryption without drawing attention to myself.
> (Yes, it's a selfish motive.)

Then you are really talking about steganography. Use good crypto and
trade lotsa porn pics. 

And, while I'm thinking about it.. does anyone know of a kit to do
stego with MP3s? 

> I don't think the "false sense of security" argument holds up: people
> don't realize that unencrypted email isn't private in the first place.

That isn't entirely true.. many of the people who will be upgrading their
mail packages sometime this century (which makes getting crypto out there
feasible to begin with) are advanced enough users to know that plaintext
isn't so great. Many companies are giving people lessons on this sort
of thing.

> Of course, I'd like to see everyone using good encryption, but a close
> second (and, I believe, more achievable) goal is to have everyone
> using _at_least_ shitty encryption.  (More achievable because there'd
> be fewer governmental roadblocks; the big hurdle would be overcoming
> people's innate and dearly-held stupidity.)

The stupidity factor is far more relevant than the governmental controls.

The strong crypto is in place. PGP (and now GPG! Woohoo!) is in place,
but people don't use it because security in general is inconvenient. 

To quote/paraphrase Bruce Schneier (Beyond HOPE, 1997):

"People will choose dancing pigs over security every time"

...ya know.. what we need is a really good propaganda campaign.
Every time some stupid shit happens, the Feds run around making the
same old "See, we need to shit on your privacy to prevent <insert
scare factor here>" argument. 

We need someone to intercept a few good juicy emails (to public 
figures, maybe?) and use tried and true SPAM technology to mass-mail
the intercepts to everyone, maybe to the NY Times with a bit of 
commentary. Or, if we really want a zero body-count, fake the emails,
hell fake the victims too. 

Then the propaganda wing of our little conspiracy can say "See, you
need PGP to prevent this sort of thing!"

..hey, it has worked for the Bad Guys since the beginning of time, why not
let it work for us?

Michael J. Graffam (mgraffam@idsi.net)
"Let your life be a counter-friction to stop the machine."
			Henry David Thoreau "Civil Disobedience"
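The steganography suggestion in the message above (encrypt with good crypto first, then hide the ciphertext inside innocuous files so nobody notices you are using strong encryption), shown as an added example that is not part of the original post or of any tool it mentions. It is a minimal least-significant-bit (LSB) embedder and extractor for a raw 8-bit carrier (uncompressed pixel or PCM samples). The carrier and the payload are constructed inline with a seeded generator; the payload stands in for ciphertext that a real tool such as PGP would have produced beforehand.

```python
import random
import struct


def capacity_bytes(carrier: bytes) -> int:
    """Payload bytes this carrier can hold: one bit per sample, minus the
    4-byte length prefix the embedder writes first."""
    return len(carrier) // 8 - 4


def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Hide `payload` in the least significant bit of successive carrier
    samples. A 4-byte big-endian length prefix tells the extractor where
    the hidden data ends. Each sample changes by at most 1."""
    framed = struct.pack(">I", len(payload)) + payload
    needed_bits = len(framed) * 8
    if needed_bits > len(carrier):
        raise ValueError(
            f"carrier too small: need {needed_bits} samples, have {len(carrier)}")
    out = bytearray(carrier)
    for i in range(needed_bits):
        bit = (framed[i >> 3] >> (7 - (i & 7))) & 1   # MSB-first within each byte
        out[i] = (out[i] & 0xFE) | bit                 # overwrite only the LSB
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover a payload written by embed_lsb. Raises ValueError if the
    carrier cannot hold the length it claims (truncated, or never a stego
    carrier at all)."""
    def read_bits(start: int, count: int) -> int:
        value = 0
        for i in range(start, start + count):
            value = (value << 1) | (stego[i] & 1)
        return value

    if len(stego) < 32:
        raise ValueError("carrier shorter than the length prefix")
    length = read_bits(0, 32)
    if 32 + length * 8 > len(stego):
        raise ValueError("length prefix exceeds carrier; not a valid stego carrier")
    return bytes(read_bits(32 + 8 * j, 8) for j in range(length))


def max_sample_change(original: bytes, stego: bytes) -> int:
    """Largest per-sample difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(original, stego))


# Constructed sample input (not real data): 4096 pseudo-random 8-bit
# samples play the part of a cover file, and PAYLOAD plays the part of
# ciphertext produced beforehand by a real encryption tool. A fixed seed
# keeps the example reproducible.
_rng = random.Random(1999)
CARRIER = bytes(_rng.getrandbits(8) for _ in range(4096))
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(200))


def round_trip(carrier: bytes = CARRIER, payload: bytes = PAYLOAD) -> bool:
    """Embed, extract, and confirm the payload survived unchanged."""
    stego = embed_lsb(carrier, payload)
    return len(stego) == len(carrier) and extract_lsb(stego) == payload


if __name__ == "__main__":
    stego = embed_lsb(CARRIER, PAYLOAD)
    print("capacity (bytes):", capacity_bytes(CARRIER))
    print("max per-sample change:", max_sample_change(CARRIER, stego))
    print("round trip ok:", round_trip())
```

Two caveats a practitioner would add to the "trade lotsa porn pics" plan. First, only encrypted data should ever go into the carrier; the LSB layer offers no confidentiality by itself, since anyone who suspects the trick can extract it exactly as above. Second, sequential LSB overwriting like this is the textbook target of statistical steganalysis: ciphertext has uniformly random bits, the LSB plane of a real photograph does not, and the difference shows up in simple tests on sample-value histograms. Real-world tools spread the bits pseudo-randomly across the carrier under a key and keep the payload small relative to capacity, which is why a compressed format like MP3 (the question raised in the message) is a harder, and more interesting, carrier than raw samples.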